<?php
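	// Reject the request unless every field this script reads unconditionally is
	// present as a plain string. A parameter sent as "name[]=x" arrives as an
	// array, which the preg_replace()/sha1() calls below are not written to handle.
	// group_code stays optional; it is tested separately further down.
	foreach(array("username", "account", "password", "email", "fname", "lname") as $required_field){
		if(!isset($_POST[$required_field]) || !is_string($_POST[$required_field])){
			// Not reachable through the normal sign-up form; treat it as a forged request.
			header("Location: index.php");
			exit;
		}
	}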
	
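	// NOTE(security): the database account and password are hard-coded in this
	// file, so anyone who can read the source (repository, backup, misconfigured
	// web server) obtains them. Load them from configuration kept outside the web
	// root, and rotate this password once it has been moved.
	// NOTE(review): the mysql_* extension was removed in PHP 7; a port to mysqli
	// or PDO would also make prepared statements available.
	$conn = mysql_connect("", "piedu_user", "q&&^%@8ezO8+");
	if($conn === false || !mysql_select_db("piedu_db", $conn)){
		// Without a usable connection every query below fails; stop here and
		// report it the same way a failed insert is reported.
		header("Location: index.php?create=false");
		exit;
	}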
	
	// Allow-list filters: every character outside the listed set is deleted.
	// \s also matches carriage return and line feed, so those survive the filter.
	$strip_contact = "/[^a-zA-Z0-9@\-_\.\s]/";	// letters, digits, @ - _ . and whitespace
	$strip_alnum = "/[^a-zA-Z0-9\s]/";		// letters, digits and whitespace

	$clean_username = preg_replace($strip_contact, "", $_POST['username']);
	$clean_email = preg_replace($strip_contact, "", $_POST['email']);
	$clean_account = preg_replace($strip_alnum, "", $_POST['account']);
	$clean_fname = preg_replace($strip_alnum, "", $_POST['fname']);
	$clean_lname = preg_replace($strip_alnum, "", $_POST['lname']);

	// NOTE(security): the password is filtered before hashing, so two passwords
	// that differ only in the removed characters produce the same hash, and the
	// hash itself is a single unsalted SHA-1. password_hash()/password_verify()
	// (PHP 5.5+) is the replacement, but it has to be introduced together with
	// whatever code verifies logins against this column.
	$clean_password = sha1(preg_replace("/[^a-zA-Z0-9_\-\s]/", "", $_POST['password']));

	// The group code is optional; null marks "not supplied".
	$clean_group_code = array_key_exists("group_code", $_POST)
		? preg_replace($strip_contact, "", $_POST['group_code'])
		: null;
	
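	// Look for an existing account with this username.
	// The value is escaped for the connection even though it was already
	// filtered, so the query stays safe if the filter is ever relaxed.
	// NOTE(review): check-then-insert is not atomic; two simultaneous requests can
	// both pass this test. A UNIQUE index on users.username would close that gap.
	$sql = "select * from users where username = '" . mysql_real_escape_string($clean_username, $conn) . "'";
	$query = mysql_query($sql, $conn);

	if($query === false){
		// The lookup itself failed; do not fall through to the insert.
		header("Location: index.php?create=false");
		exit;
	}

	if(mysql_num_rows($query) > 0){
		// Username already taken: send the visitor back to choose another one.
		// The first slot used to carry the submitted password in clear text, which
		// left it in the browser's cookie store for an hour and resent it with
		// every request. It is now left empty so the six-field layout is unchanged.
		// NOTE(review): confirm create_account.php copes with an empty first field,
		// and consider the HttpOnly/Secure cookie flags if it reads this server-side.
		$data = ", $clean_email, $clean_account, $clean_fname, $clean_lname, $clean_group_code";
		setcookie("userdata", $data, time()+3600);
		// The filter keeps whitespace, so encode the value before it enters the header.
		header("Location: create_account.php?account=" . rawurlencode($clean_account));
		exit;
	}

	unset($sql);
	unset($query);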
	
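	// Create the account. Each value is escaped for the connection in addition to
	// the earlier allow-list filtering; a null group code is stored as ''.
	$sql = sprintf(
		"insert into users (username, password, email, account, fname, lname, group_code) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s')",
		mysql_real_escape_string($clean_username, $conn),
		mysql_real_escape_string($clean_password, $conn),
		mysql_real_escape_string($clean_email, $conn),
		mysql_real_escape_string($clean_account, $conn),
		mysql_real_escape_string($clean_fname, $conn),
		mysql_real_escape_string($clean_lname, $conn),
		mysql_real_escape_string($clean_group_code, $conn)
	);
	$query = mysql_query($sql, $conn);

	// mysql_query() returns false and mysql_affected_rows() returns -1 when the
	// statement fails, so a test for == 0 alone lets a failed insert continue to
	// the welcome mail and the logged-in session.
	if($query === false || mysql_affected_rows($conn) < 1){
		header("Location: index.php?create=false");
		exit;
	}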
	
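	mysql_close($conn);

	// The account now exists; build and send the welcome e-mail.
	// The password is the only value placed in the HTML without passing through
	// one of the allow-list filters, so it is escaped for the declared charset.
	// NOTE(security): mailing the clear-text password leaves it in the mailbox
	// and in transit; dropping it from the message is the safer design.
	$safe_password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'ISO-8859-1');

	$msn = '<html>
		<strong>Hi '.$clean_fname.' '.$clean_lname.':</strong>
		<br /><br />
		Welcome to Pie.Edu!
		<br /><br />
		Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
		<br /><br />
		<strong>Username:</strong> '.$clean_username.'<br />
		<strong>Password:</strong> '.$safe_password.'
		<br /><br />
		Lorem ipsum dolor sit amet, <a href="http://www.pie.edu">consectetur adipisicing elit</a>, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
		<br /><br />
		Sincerely<br />
		Robert Keller
		</html>';

	$headers = 'From: Automatic Response <noreply@pie.edu>' . "\r\n";
	$headers .= 'MIME-Version: 1.0' . "\r\n";
	$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

	// The e-mail filter keeps whitespace, including line breaks, so only hand a
	// syntactically valid single address to mail().
	if(filter_var($clean_email, FILTER_VALIDATE_EMAIL) !== false){
		mail($clean_email, "Welcome to pie.edu", $msn, $headers);
	}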
	
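	session_start();
	// Issue a fresh session id at the moment the session becomes a logged-in one,
	// so an id set in the browser before sign-up cannot be reused (session fixation).
	session_regenerate_id(true);
	$_SESSION['username'] = $clean_username;
	$_SESSION['fname'] = $clean_fname;
	$_SESSION['lname'] = $clean_lname;
	$_SESSION['account'] = $clean_account;
	$_SESSION['group'] = $clean_group_code;

	// Send the new user to the area that matches the account type.
	// NOTE(review): the account type is taken from the submitted form, so the
	// visitor chooses it. If the app/* areas authorise on $_SESSION['account'],
	// confirm that self-selecting "3" (developer) is intended.
	switch($clean_account){
		case "1":
			header("Location: app/student/");
			break;
		case "2":
			header("Location: app/teacher/");
			break;
		case "3":
			header("Location: app/developer/");
			break;
		default:
			// No landing area exists for this value; return to the start page
			// instead of ending on an empty response.
			header("Location: index.php");
			break;
	}
	exit;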
?>